How to manually validate identityserver accesstoken on the client side

Asked Mar 06 '19 at 20:51

Active Mar 06 '19 at 20:51

Viewed 1,168 times

I posted a question some time ago: Is it possible to use IdentityModel to integrate a webform app in .net 4.5 with IdentityServer4 without using OWIN? . I almost did that integration manually. Now, I have some more questions: Do I need to validate an AccessToken against id_token like in the specs here : OpenID Connect Core 1.0 in

3.3.2.9. Access Token Validation section.

If yes, How can I manually do this validation? I know how to validate the AccessToken in insolate way, using ValidateToken() from JwtSecurityTokenHandler in System.IdentityModel.Tokens.Jwt, but I don't know how to validate it together with the id_token using "at_hash".

Is there any library in .net framework 4.7.1 that can be used for that?

asked Mar 06 '19 at 20:51

Guille

Check if it helps: https://learn.microsoft.com/en-us/azure/active-directory/develop/id-tokens#validating-tokens – Amir Molaei Mar 06 '19 at 21:19
@rad I'm going to check it – Guille Mar 06 '19 at 21:38

How to manually validate identityserver accesstoken on the client side

0 Answers0